Directory traversal

2010-07-0220:30:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

0.03 Low

EPSS

Percentile

91.0%

JSON

Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "…" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL.

CPENameOperatorVersion
battlefield_2le2.1.50
battlefield_2142le1.10.48.0

CPE	Name	Operator	Version
	battlefield_2	le	2.1.50
	battlefield_2142	le	1.10.48.0

References

aluigi.altervista.org/adv/bf2urlz-adv.txt

osvdb.org/65863

secunia.com/advisories/40334

www.securityfocus.com/bid/41262